
Tough Data Protection Regulations Start in May

Posted on 25 May 2017

With a year to go until the General Data Protection Regulation becomes law, British Chambers of Commerce are urging businesses to start preparing to ensure they are compliant with the legislation when it comes into force.

From 25 May 2018, all businesses that hold personal data will have to guarantee their procedures are fit for purpose and compliant with the new regulation.

While the GDPR is an EU initiative, the UK Government has already made clear that the legislation will be part of British law post-Brexit.

Businesses that are found to be non-compliant risk potential fines of up to €20m or four per cent of annual worldwide turnover, considerably higher than fines under current data protection regulations.

East Midlands Chamber is one of the 52 BCC-accredited Chambers of Commerce around the country urging its members to start making the necessary preparations now to ensure they are ready for the regulation.

Steps for Businesses to Take

  • Document what personal data the company holds, where it came from and who it is shared with. Firms may want to consider organising an information audit or speaking to a data expert.
  • Review current privacy notices and plan for any necessary changes needed before the implementation deadline.
  • Check procedures to ensure that they cover all the rights individuals have under the new rules, including how to delete personal data or provide data electronically if needed.
  • Review how the company seeks, obtains and records consent from individuals, and whether any changes are necessary.
  • Ensure the right procedures are in place to detect, report and investigate a personal data breach.
  • Determine whether a Data Protection Officer is required, and designate one if so, to take responsibility for data protection compliance and assess how the role will sit within the organisation.

For more steps on preparing for the General Data Protection Regulation, businesses should refer to the Information Commissioner’s Office checklist.

David Riches, Executive Director at the British Chambers of Commerce (BCC), said: “Businesses need to be proactive about ensuring they are ready for the new data protection regulations when they come into force this time next year, and not leave preparations until the eleventh hour. Those firms that don’t fulfil the necessary responsibilities leave themselves vulnerable to tough penalties, not to mention public scrutiny.

“With twelve months to go, there are a number of procedures businesses should be reviewing to determine what changes may need to be introduced to be compliant. Businesses that are already vigilant about their data protection responsibilities won’t be unduly burdened by the new legislation.

“The General Data Protection Regulation is intended to reflect modern working practices in the digital age, and will strengthen consumer trust and confidence in businesses. It will establish a single set of rules across Europe, which will make it simpler and cheaper for UK companies to do business across the continent, even after we leave the EU.”

Andy Watterson, the East Midlands Chamber’s lead on cyber crime, said: “The way businesses handled data back in 1998, when the existing data protection regulations were introduced, is very different from the way we handle data today. In the modern digital world we handle far more data, in many different ways, and we also move data across international borders more than we used to.

“This legislation isn’t being introduced for the sake of it, it reflects how we handle data. If we want to do business with other countries then our data protection regulation has to match theirs. Business should use this as an opportunity to review how they handle data to make sure they do it in the most secure way.

“Data breaches and other cyber attacks are not going to diminish, as the recent WannaCry ransomware attack has shown. If anything, they will get bigger and more frequent as the hackers get more and more clever and the amount of data gathered by organisations of all sizes continues to increase.

“The Government has already said that all existing EU regulations will be subsumed into UK law when we leave the EU so the punitive elements of the General Data Protection Regulations are not going to go away. It is essential organisations can prove they took every precaution possible to protect client data if they need to mitigate a punishment calculated on four per cent of global turnover – that’s turnover, not profit.”

Companies wanting to know more about the implications of the new General Data Protection Regulations are encouraged to attend a workshop on this subject, to be given by Nelsons Solicitors at the East Midlands Cyber Security Conference, on Thursday 6 July, at MediCity, Nottingham.
